HP Audio Driver Exposes Real-time Keystrokes via Local API

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

This one is particularly interesting because its default behavior is to log locally to a file; if that file doesn’t exist or can’t be written to, it falls back to the API stream, which, with a little crafty interception, could lead to real-time capture of a user’s keystrokes, including usernames and passwords, URLs visited, email contents, etc.

Obviously, this presents a huge security risk for enterprise-class HP customers, as the majority of the models impacted by the vulnerability are intended for corporate environments. HP has yet to confirm or comment on the matter.

So, identifying the 17 different Microsoft operating systems potentially impacted by this vulnerability is the bigger challenge. To that end, I’ve provided a simple SCCM query to build a collection of systems based upon the 28 models called out in modzero’s research. I’m monitoring this vulnerability with multiple alert channels and will update the collection query if new data unfolds.

If you find this post helpful, please consider sharing so others may be able to help protect their organizations as well. Thank you!

Fixes to this problem will arrive via Windows Update on the affected laptops. A fix for laptops released in 2016 was added to Windows Update on May 11, while a fix for laptops released in 2015 is set to arrive on May 12.
